top | item 7581138


matthavener | 12 years ago

I don't think they knew about Heartbleed. This is a stopgap to protect against leaking private keys via memory bugs.

ams6110 | 12 years ago

I think it's a fair question. If they had what they believed to be an improved (more secure) OpenSSL why not contribute the patch back to the community? After all they are standing on the shoulders of giants here, it seems a bit selfish to take an open-source project, improve it, and then not share that back.

Yes I know that many open-source licenses do not obligate one to do this, but it still seems like the right thing to do to me.

mzs | 12 years ago

I can't say what happened in this case, but after you submit a patch to OpenSSL and wait six months, a year, two, or even close to four, and simply don't hear anything back (or, if you do, that they are doing something their own way instead), you just sort of lose the will and might simply be pragmatic and do what you need for your own job and customers after a while.

ithkuil | 12 years ago

In other words, this is a general protection against a whole class of vulnerabilities.